﻿Imports System.Data.OleDb

Public Class User
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        If Me.Page.User.IsInRole("Admin") Then
            If Request.QueryString("UserName") Is Nothing Then
                Session("UserName") = User.Identity.Name
            Else
                Session("UserName") = Request.QueryString("UserName")
            End If
        Else
            Session("UserName") = User.Identity.Name
        End If


        If Me.Page.User.IsInRole("Admin") Then
            chk_Active.Visible = True
            lbl_Active.Visible = True
            chk_UserPlus.Visible = True
            lbl_UserPlus.Visible = True
        Else
            chk_Active.Visible = False
            lbl_Active.Visible = False
            chk_UserPlus.Visible = False
            lbl_UserPlus.Visible = False
        End If

        If Not IsPostBack Then
            LoadData()
        End If
    End Sub

    Protected Sub btnSave_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnSave.Click

        Dim myGUID As New System.Guid
        myGUID = Guid.NewGuid()

        Dim newPictureName = myGUID.ToString() + ".jpg"
        Dim pictureLocation As String = ""


        If fu_Picture.HasFile Then
            Dim location = Request.MapPath("pictures/userPictures") & "/" & newPictureName
            fu_Picture.SaveAs(location)
            pictureLocation = "pictures/userPictures/" & newPictureName
        Else
            pictureLocation = Session("Picture")
        End If

        Dim isActive As Boolean = False

        If Me.Page.User.IsInRole("Admin") Then
            isActive = chk_Active.Checked
        End If



        Dim oleDbConn As New OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings("dbDusanCS").ConnectionString)
        Dim SqlString As String = "UPDATE Users SET FirstName = @param1,LastName = @param2,PhoneNumber = @param3,Email = @param4, Picture = @param6, Street = @param7, UnitNumber = @param8, City = @param9, PostalCode = @param10, Country = @param11, Province = @param12 WHERE UserName = @param13"
        Dim cmd As OleDbCommand = New OleDbCommand(SqlString, oleDbConn)
        cmd.CommandType = CommandType.Text
        cmd.Parameters.AddWithValue("@param1", tb_FirstName.Text)
        cmd.Parameters.AddWithValue("@param2", tb_LastName.Text)
        cmd.Parameters.AddWithValue("@param3", tb_PhoneNumber.Text)
        cmd.Parameters.AddWithValue("@param4", tb_Email.Text)
        cmd.Parameters.AddWithValue("@param6", pictureLocation)
        cmd.Parameters.AddWithValue("@param7", tb_Street.Text)
        cmd.Parameters.AddWithValue("@param8", tb_UnitNumber.Text)
        cmd.Parameters.AddWithValue("@param9", tb_City.Text)
        cmd.Parameters.AddWithValue("@param10", tb_PostalCode.Text)
        cmd.Parameters.AddWithValue("@param11", tb_Country.Text)
        cmd.Parameters.AddWithValue("@param12", tb_Province.Text)
        cmd.Parameters.AddWithValue("@param13", Session("UserName"))
        oleDbConn.Open()
        cmd.ExecuteNonQuery()

        If Me.Page.User.IsInRole("Admin") Then
            SqlString = "UPDATE Users SET Active = @param1 WHERE UserName = @param2"
            cmd = New OleDbCommand(SqlString, oleDbConn)
            cmd.CommandType = CommandType.Text
            cmd.Parameters.AddWithValue("@param1", isActive)
            cmd.Parameters.AddWithValue("@param2", Session("UserName"))
            cmd.ExecuteNonQuery()


            If chk_UserPlus.Checked = True Then
                If (checkUserPlus() = False) Then

                    'Insert record inside aspnet_UsersInRoles with Role UserPlus
                    Dim SqlStringPlus As String = "INSERT INTO aspnet_UsersInRoles (UserId,RoleId) VALUES (@param1, 4)"
                    cmd = New OleDbCommand(SqlStringPlus, oleDbConn)
                    cmd.CommandType = CommandType.Text
                    cmd.Parameters.AddWithValue("@param1", getUserId())
                    cmd.ExecuteNonQuery()

                End If
            End If

        End If

        oleDbConn.Close()
        cmd.Dispose()


        If Me.Page.User.IsInRole("Admin") Then
            Response.Redirect("ThankYou.aspx?back=UserList.aspx&message=updated user")
        Else
            Response.Redirect("ThankYou.aspx?back=TorontoPicturesList.aspx&message=updated user")
        End If


    End Sub

    Protected Sub LoadData()
        Dim oleDbConn As New OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings("dbDusanCS").ConnectionString)
        Dim SqlString As String = "SELECT FirstName,LastName,PhoneNumber,Email,Active,Street,UnitNumber,City,PostalCode,Country,Province,Picture FROM Users WHERE UserName = @param1"
        Dim cmd As OleDbCommand = New OleDbCommand(SqlString, oleDbConn)
        cmd.CommandType = CommandType.Text
        cmd.Parameters.AddWithValue("@param1", Session("UserName"))
        oleDbConn.Open()

        Dim userData As OleDbDataReader = cmd.ExecuteReader()

        lblUsername.Text = Session("UserName") + " Details"
        imgUser.ImageUrl = "pictures/userPictures/default.jpg"
        chk_UserPlus.Checked = False

        Session("Picture") = "pictures/userPictures/default.jpg"

        If userData.HasRows Then
            Do While userData.Read()

                If Not userData("FirstName") Is DBNull.Value Then
                    tb_FirstName.Text = userData.GetString(0)
                End If

                If Not userData("LastName") Is DBNull.Value Then
                    tb_LastName.Text = userData.GetString(1)
                End If

                If Not userData("Email") Is DBNull.Value Then
                    tb_Email.Text = userData.GetString(2)
                End If

                If Not userData("PhoneNumber") Is DBNull.Value Then
                    tb_PhoneNumber.Text = userData.GetString(3)
                End If

                If Not userData("Active") Is DBNull.Value Then
                    chk_Active.Checked = userData.GetBoolean(4)
                End If

                If Not userData("Street") Is DBNull.Value Then
                    tb_Street.Text = userData.GetString(5)
                End If

                If Not userData("UnitNumber") Is DBNull.Value Then
                    tb_UnitNumber.Text = userData.GetString(6)
                End If

                If Not userData("City") Is DBNull.Value Then
                    tb_City.Text = userData.GetString(7)
                End If

                If Not userData("PostalCode") Is DBNull.Value Then
                    tb_PostalCode.Text = userData.GetString(8)
                End If

                If Not userData("Country") Is DBNull.Value Then
                    tb_Country.Text = userData.GetString(9)
                End If

                If Not userData("Province") Is DBNull.Value Then
                    tb_Province.Text = userData.GetString(10)
                End If

                If Not userData("Picture") Is DBNull.Value Then
                    imgUser.ImageUrl = userData.GetString(11)
                    Session("Picture") = userData.GetString(11)
                End If

            Loop
        End If

        ' Check for UserPlus

        If checkUserPlus() = True Then
            chk_UserPlus.Checked = True
        End If

        oleDbConn.Close()

    End Sub

    Public Function checkUserPlus() As Boolean

        Dim isUserPlus As Boolean = False

        Dim oleDbConn As New OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings("dbDusanCS").ConnectionString)
        Dim SqlString As String = "SELECT aspnet_UsersInRoles.UserId FROM aspnet_Users INNER JOIN aspnet_UsersInRoles ON aspnet_UsersInRoles.UserId = aspnet_Users.UserId WHERE aspnet_UsersInRoles.RoleId = 4 AND aspnet_Users.UserName = @param1"
        Dim cmd As OleDbCommand = New OleDbCommand(SqlString, oleDbConn)
        cmd.CommandType = CommandType.Text
        cmd.Parameters.AddWithValue("@param1", Session("UserName"))
        oleDbConn.Open()

        Dim readerUserID As OleDbDataReader = cmd.ExecuteReader()

        If readerUserID.HasRows Then
            isUserPlus = True
        End If

        oleDbConn.Close()

        Return isUserPlus

    End Function

    Public Function getUserId() As Int32

        Dim userId As Int32 = 0

        Dim oleDbConn As New OleDb.OleDbConnection(ConfigurationManager.ConnectionStrings("dbDusanCS").ConnectionString)
        Dim SqlString As String = "SELECT UserId FROM aspnet_Users WHERE UserName = @param1"
        Dim cmd As OleDbCommand = New OleDbCommand(SqlString, oleDbConn)
        cmd.CommandType = CommandType.Text
        cmd.Parameters.AddWithValue("@param1", Session("UserName"))
        oleDbConn.Open()

        Dim readerUserID As OleDbDataReader = cmd.ExecuteReader()

        If readerUserID.HasRows Then
            Do While readerUserID.Read()
                userId = readerUserID.Item(0)
            Loop
        End If

        oleDbConn.Close()

        Return userId

    End Function

End Class